BYOD Brings Wave of Unknown Security Threats

The first generation of bring your own device (BYOD) participants are likely to expose businesses to new security risks.

As the first wave of bring your own device (BYOD) initiatives gain traction in the workplace, the first generation of BYOD participants could pose a serious risk to corporate IT networks, according to a surveys from network security specialist Fortinet. The study, conducted in 15 territories during May/June 2012, asked more 3,800 active employees in their twenties about their perspectives on BYOD, its impact on their work environment and their approach to personal and corporate IT security, and found one in three respondents said they would contravene a company's security policy that forbids them to use their personal devices at work or for work purposes.

Survey results indicted the primary driver of the BYOD practice is that individuals can constantly access their preferred applications, especially social media and private communications, and this next generation of decision-makers and managers are increasingly viewing the use of personal devices in the workplace a right, rather than a privilege. Nearly three quarters (74 percent) of respondents across all territories already regularly engage in the practice, the study found.

While 42 percent of the survey sample believe potential data loss and exposure to malicious IT threats to be the dominant risk, suggesting the first generation of BYOD workers understand the risks posed by BYOD to their organization, this risk awareness does not prevent those workers from bypassing corporate policies. India had the highest number of respondents who were willing to contravene a corporate policy banning the use of personally-owned devices for work purposes, where 66 percent admitted they have or would do so.

When it comes to policies banning the use of non-approved applications, 30 percent said they would also contravene policy to use them, and 69 percent of respondents confirmed they are interested in Bring Your Own Application (BYOA), where users create and use their own custom applications at work. While this indicates other areas where organizations are at risk, the majority (66 percent) of respondents consider themselves -- not the company -- to be responsible for the security of the personal devices they use for work purposes.

"The survey clearly reveals the great challenge faced by organizations to reconcile security and BYOD," Patrice Perche, international vice president of international sales and support for Fortinet, said in a prepared statement. "While users want and expect to use their own devices for work, mostly for personal convenience, they do not want to hand over responsibility for security on their own devices to the organization. Within such an environment, organizations must regain control of their IT infrastructure by strongly securing both inbound and outbound access to the corporate network and not just implement mobile device management or MDM. Organizations cannot rely on a single technology to address the security challenges of BYOD. The most effective network security strategy requires granular control over users and applications, not just devices."